i have several security devices issued by banks and wondering if there is any way to reuse, reprogram or repurpose to use with more contemporary services such as lastpass and / or google authenticate? ...

I am aiming to lock down a web service that accesses other services and has a publicly facing UI.
I have a hosted service on a network that requires 2-factor authentication to access. This service's ...

What would be a good way to authenticate a user to authenticate to websites and applications over a smart phone? By good, I mean that it is both secure, and user-friendly. Passwords don't seem to be ...

Take for example 1Password, that now can store your password and one time password secret in a single place (your 1Password vault).
I know it isn't truly two-factor anymore, but how much better is it ...

Some of our clients have started migrating to soft tokens instead of hardware ones for two-factor authentication to their network.
We have apps like RSA SecurID and VIP Access on our smartphones.
The ...

One of the benefits of using Software based Strong Authentication apps (e.g. RSA SecurID Software Tokens) is that if the device that is running the Token generation app is compromised or lost, the ID ...

For a lot of web services offering two factor authentication, after setting up the system, you are given a short list of backup codes (one-time pads) that are around 7-10 characters long. These are ...

An organization has all the regular controls you can think of for network and systems protection from the 10 security domains. External login access to the organization's services is protected with 2 ...

I recently installed Bitlocker on my Windows 8.1 machine, using only a password. I was thinking of getting something other than just a password for my storage drive, something physical, like a USB, SD ...

Google recently announced support for Universal 2nd Factor (U2F) authentication in Chrome and started allowing that authentication mechanism to be used for 2-factor authentication across their various ...

Google and Yubico just announced the availability of cryptographic security tokens following the FIDO U2F specification. Is this just another 2FA option, or is this significantly better than solutions ...

My company has a few dozen servers hosted on a cloud provider. All but one (OpenVPN host) is closed to the internet. We're using OpenVPN AS which uses certs + Google Authenticator for login.
We are ...

I was one of the people who thought that enabling 2-factor in Apple would have prevented the download of images from iCloud; it was recently pointed out to me that, in fact, I was gravely mistaken. ...

Does multi-factor authentication provide any additional security benefits on top of doing a better job at correctly identifying and authenticating users compared to single factor authentication? In ...

I have a Linux server running SSHD and would like to know if its possible to configure it, such that from within the LAN you only need a RSA key to authenticate (on port X), but from outside the LAN ...

Let's say that I've a relatively strong password, but I don't want to use many different passwords for each different service, and let's say that those services provide two-factor authentication using ...

[Being a LastPass user] recently I moved to Google Authenticator instead of using Grid Authentication as a 2-factor security. For me, finding and filling letters from such a dense matrix is a rather ...

After signing in Google 2-Step verification scenario, user should enter verification code which sends to his mobile. Without it, he couldn't access to Gmail account.
Consider an attacker does session ...

I have observed a number of web-based login forms that offer 2-factor authentication do token entry on a second form after validating your username and password.
Is there a reason not to ask people ...

I was talking with a friend about HeartBleed, and he mentioned that he had 2-factor authentication enabled on all the sites that supported it, so even with his username and passwords, nobody would be ...

We're considering a 2 factor TOTP solution on a mobile phone. However, it would be much easier for the user to somehow send the OTP to the server by pushing a button, rather than manually typing in a ...

A friend of mine lives in Hong Kong and she travelled to China over the weekend. Whilst there, she was able to use Gmail on her Android phone without logging in again, but she had to re-login on her ...

I was considering adding HOTP as an option to my website (alongside things such as SMSed one time tokens which I already have). But I was considering one issue that HOTP inherently has:
Things such ...